Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-10-2015
Ran by Kent (administrator) on X42J (31-10-2015 13:02:50)
Running from C:\Users\Kent\Desktop\New folder
Loaded Profiles: Kent (Available Profiles: Kent)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Google Inc.) C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
() C:\Program Files (x86)\PopApp\msvidctlmcx2filterMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe [4244888 2011-12-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-05] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-06] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-12] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687488 2015-09-09] (Sony Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-10-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-10-14]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3789560024-2566756074-542660013-1000] => http=127.0.0.1:12498
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9A38F67C-A624-41B2-A91E-B8B4309ABA0E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B64A4D99-6E2C-42DF-9096-CA8B0E25C7BE}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=e2e5403e218949ba6fc9ff27b3b301537c145f85&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=14015055_adr&ch=33
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll => No File
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
Handler-x32: asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\SysWow64\WowCtl2.dll [2006-10-13] (EzTools Software)
Handler-x32: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
FireFox:
========
FF ProfilePath: C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kent\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\abs@avira.com [2015-10-31] [not signed]
FF Extension: Video AdBlock for Firefox - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-10-11] [not signed]
FF Extension: rootwdmaudBckp - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\rootwdmaudBckp.xpi [2015-04-08] [not signed]
FF Extension: Pirrit Suggestor - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\suggestor@pirrit.com.xpi [2013-10-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2015-02-18] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.eseeky.com/ws/?source=728386ab&tbp=homepage&toolbarid=base&u=e2e5403e218949ba6fc9ff27b3b301537c145f85
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://mystart.com/default-search/rsc001__moss__org103__103_55f1ea83a6fde195087b23c7__2_4_5__moc__nt__yr/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Users\Kent\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll => No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Users\Kent\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll => No File
CHR Plugin: (Google Update) - C:\Users\Kent\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Kent\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Profile: C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-10-11]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2015-10-11]
CHR Extension: (YouTube) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-04-02]
CHR Extension: (Safe Money) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-04-02]
CHR Extension: (Content Blocker) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-04-02]
CHR Extension: (Virtual Keyboard) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Anti-Banner) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-04-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [iphahelpmejkbidhiecfeicblienleon] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-01-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-12] (Kaspersky Lab ZAO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-13] (Dropbox, Inc.)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2011-04-24] (Macrovision Europe Ltd.) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-03-31] () [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 pappService; C:\Program Files (x86)\PopApp\msvidctlmcx2filterMonitor.exe [187904 2015-09-21] () [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [496128 2015-09-09] (Sony Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [319384 2011-12-15] (WDC)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1977224 2011-12-15] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338264 2011-12-15] (Western Digital )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 1838e5927a77d55.exe; C:\Users\Kent\AppData\Local\17ec750aaca5d6421b8bef3070b772f0\1838e5927a77d55.exe [X]
S2 ad10292fd537312.exe; C:\Users\Kent\AppData\Local\f1c240225864e161d177c8a7efd7ff64\ad10292fd537312.exe [X]
S2 biosmemdiagx86.exe; C:\Users\Kent\AppData\Local\biosmemdiagx86\biosmemdiagx86.exe [X]
S2 CGIEncondingSymbolic.exe; C:\Users\Kent\AppData\Local\79c7378346a814de522f519cb93cc990\CGIEncondingSymbolic.exe [X]
S2 DatabaseMemoryPython.exe; C:\Users\Kent\AppData\Local\DatabaseMemoryPython\DatabaseMemoryPython.exe [X]
S2 KernelNativeRuntime.exe; C:\Users\Kent\AppData\Local\KernelNativeRuntime\KernelNativeRuntime.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [117760 2009-10-15] (ELAN Microelectronic Corp.) [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO) [File not signed]
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-21] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2011-04-08] (Realtek Semiconductor Corporation )
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 JME; system32\DRIVERS\JME.sys [X]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-31 11:45 - 2015-10-31 13:00 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-31 11:13 - 2015-10-31 11:31 - 00000000 ____D C:\Qoobox
2015-10-31 11:13 - 2015-10-31 11:30 - 00000000 ____D C:\Windows\erdnt
2015-10-31 11:13 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-31 11:13 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-31 11:13 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-31 11:13 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-31 11:13 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-31 11:13 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-31 11:13 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-31 11:13 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-31 11:11 - 2015-10-31 11:11 - 05637361 ____R (Swearware) C:\Users\Kent\Desktop\ComboFix.exe
2015-10-31 06:30 - 2015-10-31 07:34 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-31 01:43 - 2015-10-31 06:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-31 01:43 - 2015-10-31 01:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-31 01:42 - 2015-10-31 01:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-31 01:42 - 2015-10-31 01:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-31 01:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-31 01:42 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-31 01:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-31 00:55 - 2015-10-31 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-10-31 00:55 - 2015-10-31 00:55 - 00000000 ____D C:\Program Files\RogueKiller
2015-10-29 22:41 - 2015-10-31 13:03 - 00000000 ____D C:\FRST
2015-10-28 21:24 - 2015-10-28 22:11 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-26 23:35 - 2015-10-26 23:35 - 00114688 _____ C:\Users\Kent\Downloads\iSolutions_Lifecycle_Cost_Tool.xls
2015-10-26 21:35 - 2015-10-27 00:13 - 00943108 _____ C:\Users\Kent\Downloads\Comparison study between VRF & central water plant using chiller system_Rev01#.xlsx
2015-10-26 21:35 - 2015-10-26 21:35 - 00105781 _____ C:\Users\Kent\Downloads\VRV Vs Central Chiller Plant_rev 3_traiff_solar.xlsx
2015-10-26 21:35 - 2015-10-26 21:35 - 00013838 _____ C:\Users\Kent\Downloads\VRV vs CHP_r2 (Revised 24 Oct)_tariff_solar.xlsx
2015-10-24 11:38 - 2015-10-25 17:32 - 01064168 _____ C:\Users\Kent\Downloads\Comparison study between VRF & central water plant using chiller system_Rev01.xlsx
2015-10-24 11:38 - 2015-10-24 11:38 - 00472513 _____ C:\Users\Kent\Downloads\Comparison study between VRF & central water plant using chiller system_Rev00.xlsx
2015-10-24 11:38 - 2015-10-24 11:38 - 00242826 _____ C:\Users\Kent\Downloads\ER481 Conceptual ECS markup.xlsx
2015-10-24 11:38 - 2015-10-24 11:38 - 00033792 _____ C:\Users\Kent\Downloads\Cooling Tower Make-up Water Tank Calculation (typical).xls
2015-10-24 11:36 - 2015-10-24 11:37 - 00000000 ____D C:\Users\Kent\Downloads\New folder
2015-10-15 22:13 - 2015-10-15 22:13 - 00000000 ____D C:\Users\Kent\AppData\Roaming\MPC-HC
2015-10-13 20:33 - 2015-10-31 13:02 - 00000000 ____D C:\Users\Kent\Desktop\New folder
2015-10-13 20:28 - 2015-10-13 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-13 20:25 - 2015-10-31 12:56 - 00000548 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-13 20:25 - 2015-10-31 11:30 - 00000552 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-13 20:25 - 2015-10-13 20:28 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-13 20:25 - 2015-10-13 20:25 - 00003548 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-10-13 20:25 - 2015-10-13 20:25 - 00003296 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-10-11 18:38 - 2015-10-11 18:38 - 00000000 ____D C:\_OTL
2015-10-11 09:47 - 2015-10-11 09:47 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-11 08:29 - 2015-10-11 08:29 - 00001307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-10-11 08:29 - 2015-10-11 08:29 - 00000000 ____D C:\Windows\en
2015-10-11 08:28 - 2015-10-11 08:28 - 00001376 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-10-11 08:27 - 2015-10-11 08:27 - 00002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-10-11 08:19 - 2015-10-20 19:16 - 00003782 _____ C:\Windows\System32\Tasks\klcp_update
2015-10-11 08:16 - 2015-10-20 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-10-11 08:16 - 2015-10-17 02:00 - 00126976 _____ C:\Windows\system32\ff_vfw.dll
2015-10-11 08:15 - 2015-10-17 02:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2015-10-11 08:15 - 2015-06-22 21:25 - 00254976 _____ C:\Windows\system32\xvidvfw.dll
2015-10-11 08:15 - 2015-06-22 21:25 - 00240128 _____ C:\Windows\SysWOW64\xvidvfw.dll
2015-10-11 08:15 - 2015-06-22 21:24 - 00729088 _____ C:\Windows\system32\xvidcore.dll
2015-10-11 08:15 - 2015-06-22 21:24 - 00655872 _____ C:\Windows\SysWOW64\xvidcore.dll
2015-10-11 08:15 - 2015-02-28 23:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2015-10-11 08:15 - 2015-02-28 23:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-10-11 08:15 - 2012-07-21 18:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2015-10-11 08:15 - 2012-07-21 18:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-10-11 08:15 - 2011-12-08 01:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2015-10-11 08:15 - 2011-12-08 01:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-10-11 08:11 - 2015-10-22 19:29 - 00000000 ____D C:\Users\Kent\.oracle_jre_usage
2015-10-11 08:11 - 2015-10-11 08:11 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Sun
2015-10-11 08:09 - 2015-10-22 19:27 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-11 08:08 - 2015-10-22 20:01 - 00000000 ____D C:\Program Files\Java
2015-10-11 08:07 - 2015-10-11 08:07 - 00000000 ____D C:\Users\Kent\AppData\LocalLow\Oracle
2015-10-11 07:51 - 2015-10-11 07:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-11 07:49 - 2015-10-14 20:23 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-11 07:46 - 2015-10-31 00:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-11 07:46 - 2015-10-11 07:46 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-11 07:28 - 2015-10-31 01:33 - 00000000 ____D C:\AdwCleaner
2015-10-11 07:25 - 2015-10-11 07:25 - 00000000 ____D C:\Users\Kent\AppData\Local\Secunia PSI
2015-10-11 07:25 - 2015-10-11 07:25 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-10-11 07:17 - 2015-10-11 07:17 - 00002050 _____ C:\Users\Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-10-11 07:17 - 2015-10-11 07:17 - 00002020 _____ C:\Users\Kent\Desktop\FileHippo App Manager.lnk
2015-10-11 07:17 - 2015-10-11 07:17 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-31 13:04 - 2010-10-14 04:41 - 01632110 _____ C:\Windows\WindowsUpdate.log
2015-10-31 13:04 - 2009-07-14 12:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-31 13:04 - 2009-07-14 12:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-31 13:00 - 2013-04-02 17:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-31 12:58 - 2011-08-22 23:26 - 00000000 ___RD C:\Users\Kent\Dropbox
2015-10-31 12:58 - 2011-08-22 23:23 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Dropbox
2015-10-31 12:56 - 2010-10-14 05:20 - 00000000 ____D C:\Program Files\P4G
2015-10-31 12:56 - 2010-10-14 04:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-31 12:56 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-31 12:56 - 2009-07-14 12:51 - 00191448 _____ C:\Windows\setupact.log
2015-10-31 12:20 - 2010-10-14 05:04 - 00554072 _____ C:\Windows\PFRO.log
2015-10-31 11:31 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Default
2015-10-31 11:28 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
2015-10-31 11:04 - 2011-02-26 16:55 - 00000000 ____D C:\Users\Kent\Tracing
2015-10-31 07:25 - 2010-10-14 04:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-31 06:18 - 2010-10-14 05:22 - 00002469 _____ C:\Windows\system32\ServiceFilter.ini
2015-10-28 21:03 - 2011-02-26 15:54 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-28 21:03 - 2011-02-26 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-28 21:03 - 2011-02-26 15:53 - 00000000 ____D C:\Program Files\WinRAR
2015-10-28 20:46 - 2009-07-14 13:13 - 00788704 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-26 21:31 - 2014-11-16 14:54 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-22 20:01 - 2013-12-24 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-20 19:15 - 2011-02-26 19:47 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-10-13 20:29 - 2015-06-18 07:11 - 00000000 ____D C:\Users\Kent\AppData\Local\Dropbox
2015-10-11 08:23 - 2011-02-26 15:26 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-10-11 08:20 - 2011-08-09 11:20 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Mozilla
2015-10-11 08:20 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-11 08:14 - 2011-04-09 09:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-11 08:13 - 2011-02-26 15:28 - 00088526 _____ C:\Windows\DirectX.log
2015-10-11 08:11 - 2011-02-26 15:25 - 00000000 ____D C:\Users\Kent
2015-10-11 08:08 - 2013-12-24 22:48 - 00000000 ____D C:\ProgramData\Oracle
2015-10-11 07:51 - 2011-08-09 11:18 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-11 07:51 - 2011-08-09 11:18 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-11 07:50 - 2011-08-09 11:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-11 07:49 - 2011-02-27 12:18 - 00000000 ____D C:\Users\Kent\AppData\Local\Adobe
2015-10-11 07:46 - 2010-10-14 04:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-11 07:38 - 2010-10-14 05:22 - 00002216 _____ C:\Windows\system32\AutoRunFilter.ini
2015-10-11 07:37 - 2015-09-22 13:07 - 00000000 ____D C:\Users\Kent\AppData\Local\minimalwinsockDrv
2015-10-11 03:31 - 2014-11-18 22:16 - 00000000 ____D C:\Users\Kent\AppData\Local\CommandDirect3dKeyboard
2015-10-11 03:31 - 2013-10-31 00:43 - 00000000 ____D C:\Program Files (x86)\Rapider
2015-10-10 23:32 - 2012-08-25 13:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-10-10 23:20 - 2010-10-14 04:57 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-10-10 23:19 - 2010-10-14 05:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-10-10 23:14 - 2010-10-14 04:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-10 23:14 - 2010-10-14 04:53 - 00000000 ____D C:\ProgramData\CyberLink
2015-10-10 23:14 - 2010-10-14 04:53 - 00000000 ____D C:\Program Files (x86)\CyberLink
==================== Files in the root of some directories =======
2013-12-19 03:50 - 2015-03-24 00:05 - 0000127 _____ () C:\Users\Kent\AppData\Roaming\WB.CFG
2013-10-31 00:53 - 2013-10-31 00:53 - 0000218 _____ () C:\Users\Kent\AppData\Local\recently-used.xbel
2010-10-14 04:58 - 2010-07-07 07:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2010-10-14 04:54 - 2010-10-14 04:54 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-14 04:53 - 2010-10-14 04:54 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
C:\Users\Kent\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgflpdu.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-07 22:05
==================== End of FRST.txt ============================